The Heartbleed Vulnerability and PayLease
On April 7, 2014 the “Heartbleed” vulnerability was discovered in the OpenSSL library used by 66 percent of all web sites. OpenSSL is an open-source encryption library used to protect information sent between your computer and the web sites you visit. This vulnerability could allow hackers to access information that would normally be encrypted, including passwords and other sensitive data.
What is the extent of the damage?
The extent of the damage caused by the Heartbleed glitch is unknown. The vulnerability was introduced 2 years ago, but was only officially reported this month. Since there are no foot prints left behind by those who could exploit it, it is difficult, if not impossible to know what information may have been compromised.
Was PayLease affected by the Heartbleed vulnerability?
No. We were not using the specific versions of the OpenSSL library that were susceptible to the Heartbleed vulnerability. We evaluated all possible threat targets including servers, firewalls, SSL keys/certificates and services and found that none of our customer facing hardware or software was vulnerable. As such there is no risk that any data shared between PayLease and our customers was compromised. Our customers do not need to take any action on their PayLease account.
What can I do to protect myself from the Heartbleed vulnerability?
The first and most important action you can take is to change your password on any affected service you use. This includes Google (Gmail), Yahoo and Facebook, among others. Click here (link is external) for a comprehensive list. Additionally, if you use home networking equipment such as Cisco or Juniper wireless routers, you should check their web sites to see if your product is susceptible. This vulnerability is so pervasive that it could also affect other internet connected devices such as Blu-ray players.
Read more about the Heartbleed vulnerability here.